Method and apparatus for digital rights management policies

ABSTRACT

Method and apparatus are described wherein, in one example embodiment, there is provided one or more policy templates that may define a set of policy permissions or other attributes that may be desirable to specify in a policy. One or more policy templates may be specified in a user interface of a policy creation and maintenance program that may run on the policy server and/or run on a workstation computer. Each policy template specified by a user may include permissions for how a user may access and use a document. The maintenance program may, in one embodiment, associate both templates to a policy used for a specific unit of digital content, or, for example, an electronic document. The permissions for the policy are determined by aggregating the permissions associated with each respective templates chosen by the user. According to another example embodiment, a user selects a policy template and defines one or more additional permissions to form an augmented policy.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is a continuation of U.S. patent applicationSer. No. 11/311,844 filed Dec. 19, 2005, which is incorporated herein byreference in its entirety.

TECHNICAL FIELD

The subject matter relates generally to the field of digital rightsmanagement, and more particularly to authentication in digital rightsmanagement.

RELATED APPLICATIONS

This application is related to U.S. application Ser. No. 11/311,758,entitled, “AUTHENTICATION USING A DIGITAL RIGHTS MANAGEMENT POLICY,” byGary Gilchrist and Sangameswaran Viswanathan, filed on Dec. 19, 2005,and assigned to Adobe Systems, Inc.

COPYRIGHT

A portion of the disclosure of this patent document contains materialthat is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent files or records, but otherwise reserves all copyrightrights whatsoever. The following notice applies to the software and dataas described below and in the drawings that form a part of thisdocument: Copyright 2005, Adobe Systems Inc. All Rights Reserved.

BACKGROUND

Digital rights management (DRM), as its name implies, applies to digitalmedia. Digital media encompasses digital audio, digital video, the WorldWide Web, and other technologies that can be used to create, refer toand distribute digital “content.” Digital media represents a majorchange from all previous media technologies. Post-production of digitalmedia is cheaper and more flexible than that of analog media, and theend result can be reproduced indefinitely without any loss of quality.Furthermore, digital content can be combined to make new forms ofcontent. The first signs of this are visible in the use of techniquessuch as sampling and remixing in the music industry.

Digital media have gained in popularity over analog media both becauseof technical advantages associated with their production, reproduction,and manipulation, and also because they are sometimes of higherperceptual quality than their analog counterparts. Since the advent ofpersonal computers, digital media files have become easy to copy anunlimited number of times without any degradation in the quality ofsubsequent copies. Many analog media lose quality with each copygeneration, and often even during normal use.

The popularity of the Internet and file sharing tools have made thedistribution of digital media files simple. The ease with which they canbe copied and distributed, while beneficial in many ways, presents botha security risk and a threat to the value of copyrighted materialcontained in the media. Although technical control measures on thereproduction and use of application software have been common since the1980s, DRM usually refers to the increasing use of similar measures forartistic and literary works, or copyrightable content in general. Beyondthe existing legal restrictions which copyright law imposes on the ownerof the physical copy of a work, most DRM schemes can, and do, enforceadditional restrictions at the sole discretion of the media distributor(which may or may not be the same entity as the copyright holder).

DRM vendors and publishers coined the term digital rights management torefer to various types of measures to control access to digital rights,as for example discussed herein, but not limited to those measuresdiscussed herein. DRM may be thought of as a variant of mandatory accesscontrol wherein a central policy set by an administrator is enforced bya computer system.

Rights management systems allow a policy to be associated with adocument. This policy may be unique for the document or it may be usedfor multiple documents. If a user wishes to secure a document withpermission assignments that are already covered by a set of policies,then a new policy still needs to be defined for this purpose. Also, ifmany documents are secured using the same policy, but one document needsextra permission assignments, then it is also necessary to define a newpolicy for that document. This can result in a large number of policiesin the system with duplicated rights assignments.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 illustrates a system according to one example embodiment of theinventive subject matter disclosed herein;

FIG. 2 illustrates digital content according to one example embodimentof the inventive subject matter disclosed herein;

FIG. 3 illustrates a digital rights management policy according to oneexample embodiment of the inventive subject matter disclosed herein;

FIG. 4A illustrates a digital rights management policy templateaccording to one example embodiment of the inventive subject matterdisclosed herein;

FIG. 4B illustrates a user interface according to one example embodimentof the inventive subject matter disclosed herein;

FIG. 5 illustrates a flow chart of an example embodiment of a methodaccording to the inventive subject matter disclosed herein;

FIG. 6A illustrates still another digital rights management policytemplate according to one example embodiment of the inventive subjectmatter disclosed herein;

FIG. 6B illustrates a further user interface according to one exampleembodiment of the inventive subject matter disclosed herein;

FIG. 7 illustrates a flow chart of a further method according to oneexample embodiment of the inventive subject matter disclosed herein;

FIG. 8 illustrates a diagram of one example embodiment of a computingsystem architecture according to the inventive subject matter disclosedherein; and

FIGS. 9 and 10 illustrate inheritance of policy attributes according toone example embodiment of the inventive subject matter disclosed herein.

DETAILED DESCRIPTION

In the following detailed description, reference is made to theaccompanying drawings that form a part hereof, and in which are shown,by way of illustration, specific embodiments in which the inventivesubject matter can be practiced. It is understood that other embodimentsmay be utilized and structural changes may be made without departingfrom the scope of the inventive subject matter. The leading digit(s) ofreference numbers appearing in the Figures generally corresponds to theFigure number in which that component is first introduced, such that thesame reference number is used throughout to refer to an identicalcomponent which appears in multiple Figures. Signals and connections maybe referred to by the same reference number or label, and the actualmeaning will be clear from its use in the context of the description.

Referring now to FIG. 1 there is illustrated an overview of a firstexample embodiment of a system 100 including a policy server 110, one ormore networks 120, such as private or public networks, and a pluralityof workstation computers 130, such as but not limited to personalcomputers, and reader applications 140 operating on the workstationcomputers 130. Reader application 140, in one example embodiment, is aclient application that opens digital content, such as a document, andenforces permissions, such as, for example but not by way of limitation,the Adobe Acrobat® line of programs, available from Adobe Systems, Inc.Policy server 110 includes digital rights management (DRM) software 112for defining policies, associating policies to a unit of digital content200, authenticating users 114, and permission management 116, forexample through interaction with the reader applications 140, and policymaintenance functions 118.

Referring to FIG. 2, there is illustrated one example embodiment of aunit of digital content 200. Unit 200 may, by way of example but notlimitation, take the form of an electronic document, for instance in aportable document format (PDF) as is made available by Adobe SystemsInc., or the form of a digital music file, digital audiovisual workfile, or any other type of digital file that contains content that auser may seek to access. Unit 200, for example, but not by way oflimitation, may include the following components: i) a name 210; ii)indication of file type 220, such as PDF, Word document, Excelspreadsheet, or other type of file; iii) the identification 230 of arights management policy associated with the document, or a copy of theactual policy; iv) or other attributes 240; and v) digital content 250such as a document, illustration, music, audiovisual work, or any othermedia in digital form.

Referring now to FIG. 3, there is illustrated one example embodiment ofa digital rights management policy 300. Policy 300 has an identification310, and specifies, for example, one or more permissions relating to thedigital content. For example but not by way of limitation, suchpermissions may specify, for each of one or more roles 320 (A, B, . . .N), the following: i) rights to access and view the content 330; ii)rights to copy the content 340; iii) rights to modify or add to thecontent 350; and/or iv) other rights 360. A policy 300 may be associatedwith a unit of digital content 200, for example by tracking anassociation of the digital content 200 with a policy 300 on the policyserver 110, or by replication of the policy 300 in the unit of digitalcontent 200.

Referring now to FIG. 4A, there is illustrated one example embodiment ofa digital rights management policy template 400. A policy template 400defines a set of policy permissions or other attributes that may bedesirable to specify in a policy. The policy permissions may bespecified, for example but not by way of limitation, in the same orsimilar manner to which such permissions are specified in a policy 300.It is used, however, not necessarily as a policy to associate with aspecific unit of digital content 200, but rather as a template to beused to define a policy 300 for a specific unit of digital content 200.

For this purpose, as shown in FIG. 4B, one or more policy templates 400are displayed in a user interface 410 by policy creating and maintenancefunctions 118 that may run on the policy server 110 and/or alternativelyrun on a workstation computer 130. User interface 410 provides aninterface that allows a user such as a policy administrator, creator, oreditor, to select one or more policy templates 400 to use to create aspecific policy 300.

Referring now to FIG. 5, for example but not by way of limitation, tocreate a specific policy 300, as illustrated in the flow chart 500, oneor more policy templates 400 may be selected 510, for example using apointing device in a graphical user interface, or alternatively byspecifying the name of the templates. Each policy template 400 mayinclude permissions specified as noted above. The maintenance functions118, for example, may, in one embodiment, associate 520 one or moretemplates to the policy 300 for a specific unit of digital content 200.The particular unit of digital content 200 may be distributed to morethan one content user 530, and a content user may attempt to access 540the particular unit of digital content 200. Upon authentication 550 ofthe user to the policy server 110, the policy server 110 may aggregate560 the permissions of each policy template 400 associated with thecontent, store them temporarily or permanently for reference, andthereby define the aggregated policy permissions allowed to the user forthis particular unit of digital content 200. The reader application 140may then communicate 570 with the policy server 110 to determine whataggregated permissions are afforded to the authenticated content user.The reader application 140, using the aggregated permissions, thencontrols 580 access and use of the digital content based on theaggregated permissions.

According to one embodiment, the reader application 140 downloads theaggregated permissions and keeps them at least during the session inwhich the authenticated user is accessing the document. According toanother embodiment, the reader application 140 may not download thepermissions and instead refer back to the policy server 110 each time itneeds to determine if an action sought by the authenticated user isallowed.

Referring now to FIG. 6A, there is illustrated still another exampleembodiment of a policy 600, wherein policy 600 includes a plurality ofpermissions which include a plurality of permissions 610 obtained fromfirst policy template 400, and one or more additional policy permissions620 that are specified for a particular unit of content 200 to augmentthe permissions from the policy template 400.

Referring to FIG. 6B, one or more policy templates 400 are displayed ina user interface 620 of the maintenance program 118 that may run on thepolicy server and/or run on a workstation computer 130. User interface620 provides an interface that allows a policy administrator, creator,or editor to select one or more policy templates 400 to use to create aspecific policy 600.

For example but not by way of limitation, to create a specific policy600, as illustrated in the flow chart 700 of FIG. 7, one of the policiestemplates 400 may be selected 710, for example using a pointing devicein a graphical user interface, or alternatively by specifying the nameof the policies. The selected policy template may include permissionsspecified as noted above. The maintenance program 118, for example, may,in one embodiment, request or permit a user, such as the policyadministrator, creator, or editor, to augment the permissions from thepolicy template 400 by defining one or more additional permissions that,taken together with the permissions from the selected policy template400, form the set of permissions desired. The maintenance program 118,for example, may, in one embodiment, associate 720 both the permissionsfrom the selected policy template and the one or more additionalpermissions with a specific unit of digital content 200 specified by theuser creating the policy. A content user may attempt to access 730 theparticular unit of digital content 200, which may be distributed to morethan one user. Upon authentication 740 of the user by the policy server110, the policy server 110 may aggregate 750 the permissions of theselected policy template 400, and the one or more additional augmentingpermissions earlier specified for that particular digital content 200,and, in one example embodiment, store the aggregate permissionstemporarily or permanently for reference, and thereby define theaggregated policy permissions allowed to the content user for thisparticular unit of digital content 200. The reader application 140 maythen communicate 760 with the policy server 110 to get or determine theaggregated permissions 770 that are afforded to the authenticated user.The reader application 140, using the aggregated permissions, thencontrols 760 access and use of the digital content based on theaggregated permissions. According to one example embodiment, theaugmented set of permissions are not represented in the policy server110 as a new policy available for re-use by, for example, authors orpublishers for other content, for example to be selected and assigned toother content at a future time. This may provide for reducing the numberof policies exposed to users using, creating, maintaining, or editingpolicies, and have the effect of reducing unwanted “policy clutter”owing to a multiplicity of similar but slightly different polices Theaugmented set of permissions may be, however, represented and maintainedin the server so that they can be identified and used as required tocontrol access to associated content. The augmented set of permissionsmay be, in one example embodiment, kept as “hidden policies” that arenot exposed to users, for example users authorized to create and assignpolicies to units of digital content, but are otherwise stored in thesystem. For example, policies may be “hidden” in a manner similar to theway system files may be “hidden” in the Windows® operating systemdistributed by Microsoft Corporation.

According to one embodiment, the reader application 140 downloads theaggregated permissions and keeps them at least during the session inwhich the authenticated user is accessing the document. According toanother embodiment, the reader application 140 may not download theaggregated permissions and instead refer back to the policy server eachtime it needs to determine if an action sought by the authenticated useris allowed. According to yet another example embodiment, the readerapplication 140 may not be required or requested to authenticate theuser, and the policy may be universal for any user accessing thedocument or content.

According to one example embodiment, the above-described customizedpolicy with aggregated permissions may be implemented as “hidden”policy, in other words a policy that does not appear in the catalog,list, or library of policies available to a user to select to assign toanother unit of digital content such as content 200, but in fact isimplemented in the system as if it were one of policies 300, whereinthere is a specific policy identifiable in the system and available forviewing and revision from a policy management interface.

According to still another example embodiment, the policy server 110 maysupport inheritance for policy definition and maintenance. That is, whencreating a policy it is possible to have it inherit permissionassignments from a base policy. This allows that if permissions or otherattributes in the base policy are changed, then the permissions or otherattributes of all other policies that extend it will change dynamically.Referring to FIGS. 9 and 10, there is illustrated a flow chart of anexample embodiment of policy inheritance according to the inventivesubject matter. As illustrated in FIG. 9, a policy 900 includesinherited permission assignments 910 inherited from an external or basepolicy 920, and additional or augmenting permission assignments 930. Asillustrated in FIG. 10, an example method 1000 for updating inheritedpermission assignments in policy 900 includes changing 1010 the basepolicy 920, detecting or monitoring 1020 the changes in the base policy920, and providing for policy 900 to inherit 1030 the changed permissionassignments from policy 920. In one example embodiment, such inheritancemay be accomplished using a policy server, such as policy server 110,for example wherein the policy server dynamically determines thepermission assignments provide by policy 900 each time a readerapplication, such as reader application 140, or other applicationrequests those permissions for the purpose of authorizing a user accessto the associated digital content. Alternatively, the policy 900 may beupdated with any changed permission assignments any time the policyserver detects changes in the base policy 920.

According to still another example embodiment, the system of FIGS. 1-5and FIGS. 6-7 may be used in combination, such that a policy may bespecified as a combination of two or more templates in addition to oneor more additional permissions specified for a particular unit ofdigital content.

According to one example embodiment, a policy of any of theabove-described type may be associated with a group, and if a user is amember of that group as determined by a policy server such as policyserver 110, the user will obtain the permissions of such policy.

Thus, according to the foregoing, the example subject matter describedherein may allow for the reduction in excessive multiplicities ofspecial policies that differ little from one another, allowing foreasier use of the system but reducing clutter. An increased number ofpolicies is harder to manage and is confusing to end users. The systemand methods further provide for reusing a policy, such as policy 300, orpolicy template, such as template 400 with common basic permissions,with one or more customizations specific only to a particular unit ofdigital content, such as content 200. Thus, using the variousembodiments herein illustrated, it may not be necessary to define newpolicies in the system if an aggregation of existing policies canexpress how the user, for example a publisher of content, wants tosecure their content. Further, documents or content may be secured withany set of permissions assignments while keeping to a minimum the numberof policies that need to be managed in the system.

According to another example embodiment, the system and method may allowfor any digital rights management policy 300 to be used as a policytemplate 400, or the system and method may provide that templates 400are maintained separately and only policy templates 400 are allowed tobe used to define and create policies such as described above herein.

FIG. 8 shows a diagrammatic representation of a machine in the exampleform of a computer system 800 within which a set of instructions, forcausing the machine to perform any one or more of the methodologiesdiscussed herein, may be executed. In alternative embodiments, themachine operates as a standalone device or may be connected (e.g.,networked) to other machines. In a networked deployment, the machine mayoperate in the capacity of a server or a client machine in server-clientnetwork environment, or as a peer machine in a peer-to-peer (ordistributed) network environment. The machine may be a personal computer(PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant(PDA), a cellular telephone, a web appliance, a network router, switchor bridge, or any machine capable of executing a set of instructions(sequential or otherwise) that specify actions to be taken by thatmachine. Further, while only a single machine is illustrated, the term“machine” shall also be taken to include any collection of machines thatindividually or jointly execute a set (or multiple sets) of instructionsto perform any one or more of the methodologies discussed herein.

The example computer system 800 includes a processor 802 (e.g., acentral processing unit (CPU), a graphics processing unit (GPU) orboth), a main memory 804 and a static memory 806, which communicate witheach other via a bus 808. The computer system 800 may further include avideo display unit 810 (e.g., a liquid crystal display (LCD) or acathode ray tube (CRT)). The computer system 800 also includes analphanumeric input device 812 (e.g., a keyboard), a cursor controldevice 814 (e.g., a mouse), a disk drive unit 816, a signal generationdevice 818 (e.g., a speaker) and a network interface device 820. Thedisk drive unit 816 includes a machine-readable medium 822 on which isstored one or more sets of instructions and data structures (e.g.,software) 824 embodying or utilized by any one or more of themethodologies or functions described herein. The instructions 824 mayalso reside, completely or at least partially, within the main memory804 and/or within the processor 802 during execution thereof by thecomputer system 800, the main memory 804 and the processor 802 alsoconstituting machine-readable media.

The instructions 824 may further be transmitted or received over anetwork 826 via the network interface device 820 utilizing any one of anumber of well-known transfer protocols, for example the hyper texttransfer protocol (HTTP).

While the machine-readable medium 822 is shown in an example embodimentto be a single medium, the term “machine-readable medium” should betaken to include a single medium or multiple media (e.g., a centralizedor distributed database, and/or associated caches and servers) thatstore the one or more sets of instructions. The term “machine-readablemedium” shall also be taken to include any medium that is capable ofstoring, encoding or carrying a set of instructions for execution by themachine and that cause the machine to perform any one or more of themethodologies of the present invention, or that is capable of storing,encoding or carrying data structures utilized by or associated with sucha set of instructions. The term “machine-readable medium” shallaccordingly be taken to include, but not be limited to, solid-statememories, optical media, and magnetic media.

According to still another example embodiment, the above-describedsystem and method may be used in combination with the method and systemfor user authentication described in U.S. application Ser. No.11/311,758, entitled, “AUTHENTICATION USING A DIGITAL RIGHTS MANAGEMENTPOLICY”, by Gary Gilchrist and Sangameswaran Viswanathan, filed on evendate herewith, and assigned to Adobe Systems Inc., hereby incorporatedherein by reference. In particular, the authentication systems andmethods described therein may be used in combination with the system andmethod described herein, for example defining a policy for a documentusing multiple policy templates and/or augmenting a policy template tocreate a policy associated with a particular unit of digital content.

In this description, numerous specific details are set forth. However,it is understood that embodiments of the invention may be practicedwithout these specific details. In other instances, well-known circuits,software, structures and techniques have not been shown in detail inorder not to obscure the understanding of this description. Note that inthis description, references to “one embodiment” or “an embodiment” meanthat the feature being referred to is included in at least oneembodiment of the invention. Further, separate references to “oneembodiment” in this description do not necessarily refer to the sameembodiment; however, neither are such embodiments mutually exclusive,unless so stated and except as will be readily apparent to those ofordinary skill in the art. Thus, the inventive subject matter caninclude any variety of combinations and/or integrations of theembodiments described herein. Each claim, as may be amended, constitutesan embodiment of the invention, incorporated by reference into thedetailed description. Moreover, in this description, the phrase“exemplary embodiment” means that the embodiment being referred toserves as an example or illustration. Further, block diagrams illustrateexemplary embodiments of the invention. Also herein, flow diagramsillustrate operations of the exemplary embodiments of the invention. Theoperations of the flow diagrams are described with reference to theexemplary embodiments shown in the block diagrams. However, it should beunderstood that the operations of the flow diagrams could be performedby embodiments of the invention other than those discussed withreference to the block diagrams, and embodiments discussed withreference to the block diagrams could perform operations different thanthose discussed with reference to the flow diagrams. Additionally, someembodiments may not perform all the operations shown in a flow diagram.Moreover, it should be understood that although the flow diagrams depictserial operations, certain embodiments could perform certain of thoseoperations in parallel.

What is claimed is:
 1. A method comprising: receiving a first selectionof a policy template from a plurality of policy templates, the selectedpolicy template defining a set of permissions from which to generate apolicy for a unit of digital content; receiving an additional permissionwith which to augment the set of permissions; augmenting, using aprocessor of a machine, the set of permissions by adding the additionalpermission to the set of permissions to form an augmented set ofpermissions for the unit of digital content; and maintaining theaugmented set of permissions as a hidden policy for access control usagefor the unit of digital content, the hidden policy being unavailable forassignment to a different unit of digital content.
 2. The method ofclaim 1, further comprising assigning the augmented set of permissionsto the unit of digital content.
 3. The method of claim 2, wherein theassigning includes providing a copy of the augmented set of permissionassignments for inclusion in the unit of digital content.
 4. The methodof claim 1, further comprising providing the augmented set ofpermissions to a reader application for temporary storage during asession in which the unit of digital content is accessed.
 5. The methodof claim 1, further comprising: displaying to a user a listing of theplurality of different policy templates to allow the user to select thepolicy template from the plurality of different policy templates fromwhich to generate the policy for the unit of digital content.
 6. Themethod of claim 1, further comprising storing a plurality of differentpolicies on a policy server, at least one of the plurality of policiesinheriting a set of permissions from a base policy such that if apermission in the base policy is changed then the change isautomatically applied to a corresponding permission in the at least oneof the plurality of different policies.
 7. The method of claim 6,wherein the automatically applied change is triggered in response todetecting a change in the base policy.
 8. The method of claim 6, whereinthe automatically applied change is made in response to an applicationrequesting access to content associated with the at least one of theplurality of policies.
 9. The method of claim 1, further comprising:receiving a second selection of a policy template from the plurality ofpolicy templates, the second selected policy template defining a secondset of permissions from which to generate the policy for the unit ofdigital content; and aggregating the set of permissions and the secondset of permissions to form an aggregated set of permissions, wherein theadditional permission is augmented to the aggregated set of permissionsto form the augmented set of permissions for the unit of digitalcontent.
 10. The method of claim 1, further comprising: authenticating auser trying to access the unit of digital content; and sending the setof permission assignments to a reader application associated with theuser.
 11. A system comprising: a policy server machine to store aplurality of different policy templates; and one or more computerprograms operable on the policy service machine to: receive a firstselection of a policy template from a plurality of policy templates, theselected policy template defining a set of permissions from which togenerate a policy for a unit of digital content; receive an additionalpermission with which to augment the set of permissions; augment the setof permissions by adding the additional permission to the set ofpermissions to form an augmented set of permissions for the unit ofdigital content; and maintain the augmented set of permissions as ahidden policy for access control usage for the unit of digital content,the hidden policy being unavailable for assignment to a different unitof digital content.
 12. The system of claim 11, wherein the one or morecomputer programs are further operable to assign the augmented set ofpermissions to the unit of digital content, the assigning includesproviding a copy of the augmented set of permission assignments forinclusion in the unit of digital content.
 13. The system of claim 11,wherein the one or more computer programs are further operable toinherit a set of permissions from a base policy so that a change in apermission to the base policy causes the change to be automaticallyapplied to a corresponding permission of the selected policy template.14. The system of claim 11, wherein the one or more computer programsare further operable to: receive a second selection of a policy templatefrom the plurality of policy templates, the second selected policytemplate defining a second set of permissions from which to generate thepolicy for the unit of digital content; and aggregate the set ofpermissions and the second set of permissions to form an aggregated setof permissions, wherein the additional permission is augmented to theaggregated set of permissions to form the augmented set of permissionsfor the unit of digital content.
 15. A non-transitory machine-readablestorage medium in communication with at least one processor, themachine-readable storage medium storing instructions which, whenexecuted by the at least one processor, provides operations comprising:receiving a first selection of a policy template from a plurality ofpolicy templates, the selected policy template defining a set ofpermissions from which to generate a policy for a unit of digitalcontent; receiving an additional permission with which to augment theset of permissions; augmenting, using a processor of a machine, the setof permissions by adding the additional permission to the set ofpermissions to form an augmented set of permissions for the unit ofdigital content; and maintaining the augmented set of permissions as ahidden policy for access control usage for the unit of digital content,the hidden policy being unavailable for assignment to a different unitof digital content.
 16. The non-transitory machine-readable storagemedium of claim 15, wherein the operations further comprise assigningthe augmented set of permissions to the unit of digital content.
 17. Thenon-transitory machine-readable storage medium of claim 16, wherein theassigning includes providing a copy of the augmented set of permissionassignments for inclusion in the unit of digital content.
 18. Thenon-transitory machine-readable storage medium of claim 15, wherein theoperations further comprise providing the augmented set of permissionsto a reader application for temporary storage during a session in whichthe unit of digital content is accessed.
 19. The non-transitorymachine-readable storage medium of claim 15, wherein the operationsfurther comprise storing a plurality of different policies on a policyserver, at least one of the plurality of policies inheriting a set ofpermissions from a base policy such that if a permission in the basepolicy is changed then the change is automatically applied to acorresponding permission in the at least one of the plurality ofdifferent policies.
 20. The non-transitory machine-readable storagemedium of claim 15, wherein the operations further comprise: receiving asecond selection of a policy template from the plurality of policytemplates, the second selected policy template defining a second set ofpermissions from which to generate the policy for the unit of digitalcontent; and aggregating the set of permissions and the second set ofpermissions to form an aggregated set of permissions, wherein theadditional permission is augmented to the aggregated set of permissionsto form the augmented set of permissions for the unit of digitalcontent.